2017-05-31 22:54 GMT+05:00 Selva Nair <selva.n...@gmail.com>:
> Hi,
>
> Copying openvpn-devel:
> As this is related to openvpn best to have this discussion in the devel
> list, I suppose.
> (see also: https://github.com/OpenVPN/openvpn-gui/issues/
> 168#issuecomment-305250704)
>
> On Wed, May 31, 2017 at 12:58 PM, Gert Doering <notificati...@github.com>
> wrote:
>
>> On Wed, May 31, 2017 at 09:43:21AM -0700, Selva Nair wrote:
>> > As I said, get openvpn to report route errors in the status and then we
>> can
>> > add a warning to the status popup, turn the icon red etc instead of the
>> > current misleading "successfully connected" behaviour.
>>
>> This is actually a discussion I was trying to have a long time ago
>> (a few years) - "why do we ignore route addition errors?".
>>
>> The IPv6 code doesn't (because I think that errors are errors, not
>> warnings...) and that was always some sort of weird asymmetry...
>>
>> I still don't know the reasoning here, but I suspect it's something along
>> "you push a route that is identical to the local subnet" (192.168.1.0/24,
>> for example, because the user happens to be in a bad NAT network) and
>> "all of a sudden it fails"... so this might need more discussion, and
>> also some code cleanups to gracefully handle situations where an error
>> is "tolerated".
>>
>
> That and some route addition errors like "route already exists" are often
> benign. So a fatal error is not appropriate. But, IIRC,
> openvpn_execve_check only allows printing of errors as FATAL or WARN.
> Currently we do not parse the log message flags (error vs warning etc.) in
> the Windows GUI, but that could be improved if openvpn can log route errors
> like access denied as such.
>
> In any case, the status reported to the management when connected with
> errors should be something other than "CONNECTED,SUCCESS" -- say
> "CONNECTED,ROUTE-FAILED" etc. so that UI can intimate the user.
>
> Selva
>
I want to bring it to attention again.
actually, there're couple of things
a) should "ipv4 route manipulation failure" be fatal
b) how to signal (and handle) those failures within openvpn-gui
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
